* on the Fri, Oct 24, 2014 at 04:51:42PM -0400, Wietse Venema wrote:

>> I did this for a shared hosting system about ten years ago using the
>> ident functionality in Exim. I installed a local ident daemon and
>> then configured Exim to talk to it. Once Exim knew the user, it could
>> apply user-level ratelimiting to both mail submitted via the
>> executable and that submitted via a TCP socket together.
> 
> And how does Exim throttle the client? If it replies with 4xx or 5xx
> then you are rejecting mail, and rejected mail would not be delivered.

However you configure it to... In my particular case I made it accept
the mail but freeze it in the queue instead of delivering it. I then had
a tool which would monitor the queues for frozen mail and alert us so
that it could either be thawed or rejected after a manual inspection.

Alternatively I could have made it reject with a 4xx or a 5xx, or accept
and bounce the message back to the account holder of the web app, or
deliver it to a special mailbox, or let it through and flag the
account up for inspection, or insert something into a database and alert
them some other way, or a million other things... There is a suitable
detachment in Exim between it noticing that a configured ratelimit has
been hit and how to use that information, or not use it.

> Postfix has built-in rate limits but unlike you I am not evangelizing
> about those for the reasons stated in the previous paragraph.

There is value in noticing when a user is sending an unexpectedly
large amount of mail, even if you don't use that information to reject.
Ratelimiting is a highly useful tool.

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
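
The setup described in the message above, sketched as an Exim configuration fragment. This is an added example, not the poster's actual configuration; the ACL names, the 100-per-hour threshold and the `user:` key prefix are assumptions chosen for illustration.

```exim
# --- main configuration section ---
# Ask the local ident daemon (RFC 1413) who owns connections that
# originate on this host, so $sender_ident is set for socket submissions.
rfc1413_hosts = 127.0.0.1
rfc1413_query_timeout = 5s

acl_smtp_mail = acl_check_mail          # mail submitted via a TCP socket
acl_not_smtp  = acl_check_not_smtp      # mail submitted via the executable

begin acl

acl_check_mail:
  # Local SMTP submission: $sender_ident holds the ident reply.
  # The message is still accepted; it is only frozen in the queue.
  warn  hosts       = 127.0.0.1
        condition   = ${if def:sender_ident}
        ratelimit   = 100 / 1h / per_mail / user:$sender_ident
        control     = freeze
        log_message = ratelimit: $sender_ident at $sender_rate per \
                      $sender_rate_period, message frozen
  accept

acl_check_not_smtp:
  # Command-line submission: $sender_ident is the calling login name.
  # Same period, option and key as above, so both paths share one counter.
  warn  ratelimit   = 100 / 1h / per_mail / user:$sender_ident
        control     = freeze
        log_message = ratelimit: $sender_ident at $sender_rate per \
                      $sender_rate_period, message frozen
  accept
```

Frozen messages show up marked `*** frozen ***` in `exim -bp` output, which is what a queue monitor can watch for; `exim -Mt <id>` thaws a message and `exim -Mrm <id>` removes it after inspection.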
